Microsoft Plugs Three Windows Security Holes

Microsoft today issued a critical software update to plug at least three security holes in its Windows operating systems. The patch, which applies to all supported versions of Windows, is available from the Microsoft Update Web site, or via Automatic Updates.

All three security vulnerabilities relate to a weakness in the "Server Message Block" (SMB) protocol, a component of Windows used to provide shared access to files, printers, and other communications over a network.

Blueprints showing would-be attackers how to exploit one of the flaws were posted online back in October; Microsoft said the other two vulnerabilities were privately reported.

SMB threats can generally be stopped by a decent firewall, as they rely on the attacker or malicious software having direct access to a network hosting vulnerable systems. However, businesses typically test patches before deploying them to make sure they don't interfere with custom software, and in the meantime infected laptops brought in from the outside and plugged into the internal network can very quickly spread a worm designed to attack the flaw.

Eric Schultze, chief technology officer at Shavlik Technologies, a patch management firm, said he fully expects to see a worm emerging at some point to exploit one or more of these SMB vulnerabilities.

"If a worm is released, and that worm makes it into a corporate network, it will make Swiss cheese of that network relatively quickly," Schultze said.

Microsoft also added two new strains of malware to its "malicious software removal tool" (MSRT), an optional component updated once a month that can scan for and remove some of the most prevalent threats in circulation today. If installed and updated, the MSRT will run once a month when the computer is idle.

Added to the MSRT this month is "Downadup," a relatively new computer worm that attacks another Windows networking flaw Microsoft patched in October. Microsoft also threw in detection for the prolific "Bancos" family of data-stealing Trojan horse programs.

Quick general comment regarding Patch Tuesday. Every new patch tends to be for a vulnerability that has long existed but was only recently discovered and mitigated. One hopes the white hats find these before the black hats.

For many users (myself included) the MS Update website is reporting an optional hardware update for the "IdeaCom HID Touch Screen". This is apparently an erroneous identification by MS Update -- the update SHOULD NOT BE INSTALLED by most users.

A number of users have reported that their touch pad or PS/2 mouse has stopped working after installing this update.